Description

This invention is concerned with video control systems.

In the prior art, a software distribution system is known wherein a computer program is downloaded once, followed by an access key to allow use of it on each subsequent use. This system uses a dynamic key that constantly changes, and is directly related to a user's decoder box, both by ID and an internal dynamic counter.

Also known is a video system that autonomously controls the viewing of a recording for either 24 hours or once only.

There is also known (see GB-A-2132860) a conditional access broadcast system having the features of the preamble of Claim 1. Such an arrangement is intended to be used by provision to the viewer of any necessary code encryption keys on a periodic basis such that viewing of a plurality of programs can be achieved on a prepayment or direct debit system without change of the code encryption, the same key being used with transmissions over a period of typically one month. It is also known (see EP-A-0132401) to utilise in a similar arrangement selected 'tier' code encryption keys that can designate category of program and channel of transmission.

It is desirable however to provide a video control system which decrypts encrypted broadcasts or recorded copies of video material such that the subsequent viewing is controlled. This would allow the owner to either forbid viewing, or collect revenue at his or her discretion.

The above mentioned systems do not provide the power of control required to achieve this object.

In accordance with the invention there is therefore provided a system having the features of the characterising clause of Claim 1.

One embodiment of the invention will now be described, by way of example, with reference to the accompanying drawings in which:

Figure 1 is a block diagram of a video system embodying the invention; and
Figure 2 shows an encryption arrangement according to the invention.

Reference is made to Figure 1 which is a block diagram of a video system 10 embodying the invention. The video system comprises a central facility 11, a terminal 12, and a duplex communication link 13 between central facility 11 and terminal 12. An overview of the system is first given.

Terminal 12 is provided with a video program including a series of television fields including a first field containing both a random digital code encrypted according to a code encryption key and program identification data, and a second field containing an unintelligible video signal previously transformed from an intelligible video signal according to the random digital code.

The video program may be transmitted by broadcast, cable, satellite, fiber, or any other transmission medium 14. Alternatively the video program may be stored on a video recording medium 15 such as magnetic tape or video disk and played by player 16. The unintelligible video signal may be either analog or digital.

A second field, which has a vertical blanking interval containing both a random digital code encrypted according to a code encryption key and program identification data, is followed by a third field containing an unintelligible video signal previously transformed from an intelligible video signal according to the random digital code of the second field.

Terminal 12 includes means 17 to store terminal identification data and means to send to the central facility 11 the terminal identification data and the program identification data over link 13.

Central facility 11 includes a data base 19 for storing and retrieving at least one code encryption key corresponding to the program identification data, means 20 for sending the code encryption key from the central facility 11 to the terminal 12, and means 21 for generating billing data based on both terminal identification data and program identification data.

Terminal 12 further includes means 22 for receiving the code encryption key from central facility 11, decrypting means 23 for decrypting the encrypted random digital code of the first frame in accordance with the code encryption key, and means 24 for transforming the unintelligible video signal of the second frame to the intelligible video signal using the decrypted random digital code.

Each terminal 12 may have a terminal specific encryption key and means 18 to send to the central facility 11 the program identification data and the terminal identification data encrypted according to the terminal specific encryption key. The central facility 11 has means for storing a duplicate of the terminal specific encryption key, means for encrypting the code encryption key according to the terminal specific encryption key; and means for sending the encrypted code encryption key from central facility 11 to terminal 12.

Terminal 12 further includes means 22 for receiving the encrypted code encryption key from central facility 11, decryption means 23 for decrypting the code encryption key according to the terminal specific encryption key, and decrypting the encrypted random digital code of the first frame in accordance with the code encryption key, and means 24 for transforming the unintelligible video signal of the second frame to the intelligible video signal using the decrypted random digital code.

Terminal 12 includes means to encrypt the terminal identification data according to the terminal specific encryption key, means to send unencrypted terminal identification data and encrypted terminal identification data to the central facility, which in turn includes means to compare unencrypted and encrypted terminal identification data to verify terminal identity.

A plurality of code encryption keys may be used for one program wherein a desired code encryption key is selected from the plurality of code encryption keys in accordance with code encryption key identification data corresponding to the random digital code.

Various features of the system are now discussed in more detail.

System 10 controls the viewing of video programs, by which is meant any video material, either transmitted or recorded, in television format consisting of a series of fields of lines. Two interlaced fields make up a television frame.

Video programs are rendered unintelligible, e.g. scrambled, by any analog or digital method, and are made intelligible, e.g. descrambled, using random digital codes located in fields. The random digital keys are themselves encrypted, and are decrypted by one or more keys obtained from a database located at the central facility, along with user-specific information at the time of viewing. The system does not stop copying; it controls viewing, while protecting revenues. As such, it can encourage copying, which could ease the distribution issue by controlling the playback such that revenue can be collected each time.

Preferably duplex communication link 13 is a continuous data channel between a terminal and a central facility such as an ISDN D-channel or by modem over a regular phone line.

The video program is encrypted, and needs a decrypter in the terminal for viewing. The decrypter uses data embedded in the video program along with a data access to correctly perform the decryption, so the process is completely controlled. The embedded data and key transfer from the remote database may be protected with public domain encryption techniques, providing high level security before first viewing.

The video program may be recorded as is, but it is still unviewable. To view it, the decrypter is used, along with the encrypted embedded data, and an access to a secure database, to perform the decryption. Recordings may be freely copied, but remain unviewable unless used with the decrypter.

To view the programs requires access to the database using encrypted data transfer. This process yields the control of the video program, whether recording or transmission. The decrypter requires one or more keys that arrive from the database. To get the key, information from the video program as well as terminal identification is sent to the database.

A direct Electronic Funds Transfer (EFT) debit can be performed using the information. If the program is a video store copy, the EFT could include the store fee and the copyright fee. Note that the video distribution to video stores becomes trivial, as they are encouraged to take a direct recording with a video store key, along with their authorized converter box, and make as many copies as they like. The revenue control takes place at viewing time. This encourages a shareware type of distribution.

A passkey can be sent to the database, to allow viewing of questionable taste films by adults, controlling access by minors.

On the first access, the database will capture a signature derived from the user's equipment and the recording, and store it for subsequent tracking. As there is a compelled database access in this process, data on usage may be collected. This same process may be used for revenue collection.

The system preferably uses at least one downloadable key, an encrypted video program that uses the key for decryption, and data stored in a field of the video program. It may be implemented in an all digital, analog, or mixed analog/digital environment.

The video programs are encrypted, with data relating to the programs, e.g. where and when, who transmitted it. The data may also contain part of the decryption key. This information would be extracted from the signal, and used to access a database, maintained by the program's owners, to obtain an encrypted key for the decrypter. After a subscriber and/or a credit check is successfully completed, the one or more keys would be transmitted. At this time the owner has obtained usage data, with a specific user's ID, and has the option of billing him. If it is a free program, at least the viewer data is available.

If a user records a transmission or another recording, he captures the encrypted signal, along with embedded data, as described above. This accomplishes the signature part of the process. A recording created by this method may be on a regular VCR, but is encrypted and individually marked. Copying a recording does not affect the system, as the rerecording is only usable with the correct keys. Potentially, the first few minutes of a program might be viewable without the need of a key, to allow the user to see what the contents of the program are, as well as to allow time for the database access and key synchronization process.

To play a recording back, it is necessary to re-obtain the one or more keys. The combination of data stored in a field is used to access the database. Before the keys are made available, there is a check that the terminal identification and the embedded data match.

In the case wherein a recording is rented from a video store, a code may identify the store. The database recognizes the recording as a rental copy, and charges either the user or the video store a fee. If the recording is viewed a second time, the charge is repeated. In the event a copy is made, when it is played, the database will identify the originating video store, but not the actual copier. However, if validation is performed at rental time, there would be some measure of control. If the entire charging process were to be reversed, such that the viewer carries all the liability for charges, then copying is encouraged, as per shareware, and the distribution problem is minimized, while revenues are maintained on a usage basis.

The program's owner has the responsibility to get a secured copy to whoever deals with the distribution of the programs. The programs are encrypted, and require a database update to enable viewers to make use of the program. The viewer has a terminal including a decrypter, linked to the central facility's database via an automatic dial-up, that, when enabled, decrypts the video program. As appropriate, there can be credit checks and billing from the database, as well as statistics collection.

The encryption has two levels, one for protection of video decryption codes on the program, and one for protection of messages between the terminal and the central facility. Both may use the NBS Data Encryption Standard (DES).

DES encryption and decryption may be implemented with a commercial Motorola 685R Data Security Device or similar product at the terminal and at the central facility.

The decryption code itself is protected by being DES-encrypted. The decryption key is not on the video program but is retained in the database at the central facility. A program identification number and a decryption key number allow the central facility to recover the decryption key itself and send it to the terminal for decrypting the decryption codes.

A different DES decryption key is not required for every field. One key can span several fields. DES key requests and acknowledgements from the terminal may also act as keep-alive messages to the central facility.

DES decryption keys are transmitted from the central facility to the terminal protected by a higher-level DES "session" key. Terminal requests for new keys as the tape progresses are also protected by the DES session key. This key is generated by the central facility at the beginning of the session and remains valid for the duration of the session. The terminal begins the session using a terminal-unique DES key stored in a ROM.

Frame contents are transferred from the Analog Subsystem to the DCSS and the decrypted decryption code from the DCSS to the Analog Subsystem over the analog interface shown in the Figure. Transfer of data between the subsystems may be coordinated by means of the vertical and horizontal blanking signals and their derivative interrupts.

All messages between terminal and central facility use Cyclic Redundancy Code (CRC) checking to verify message integrity. The CRC-CCITT generating polynomial generates two block check characters (BCC) for each message. If the terminal receives a message that is not verified by the BCC, it sends a request (ARQ) to the central facility to retransmit the last message. The central facility does not attempt to ARQ garbled messages. It discards them and waits for a terminal to send again.
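The BCC check and the asymmetric retransmission rule described above, as an added example that is not code from the patent. It assumes a 0xFFFF CRC preset, a big-endian BCC and one-byte message-type codes, none of which the text specifies.

```python
import binascii

# Assumptions (not from the page): 0xFFFF preset, big-endian BCC, one-byte
# message-type codes. The page names only the CRC-CCITT polynomial.
CRC_PRESET = 0xFFFF
MSG_KEY, MSG_ARQ, MSG_ACK = 0x02, 0x03, 0x04   # hypothetical type codes


def add_bcc(body: bytes) -> bytes:
    """Append the two block check characters (CRC-CCITT, x^16+x^12+x^5+1)."""
    return body + binascii.crc_hqx(body, CRC_PRESET).to_bytes(2, "big")


def bcc_ok(frame: bytes) -> bool:
    """True when the trailing two bytes match the CRC of the rest."""
    if len(frame) < 3:
        return False
    expected = binascii.crc_hqx(frame[:-2], CRC_PRESET).to_bytes(2, "big")
    return expected == frame[-2:]


class CentralFacility:
    def __init__(self):
        self.last_sent = None
        self.discarded = 0
        self.acked = False

    def send(self, msg_type: int, payload: bytes) -> bytes:
        self.last_sent = add_bcc(bytes([msg_type]) + payload)
        return self.last_sent

    def receive(self, frame: bytes):
        """Garbled frames are dropped silently; the facility never sends ARQ."""
        if not bcc_ok(frame):
            self.discarded += 1
            return None
        if frame[0] == MSG_ARQ:
            return self.last_sent          # retransmit the last message
        if frame[0] == MSG_ACK:
            self.acked = True
        return None


class Terminal:
    def __init__(self):
        self.key_payload = None

    def receive(self, frame: bytes) -> bytes:
        """Return the terminal's reply: ARQ on a bad BCC, else an acknowledgement."""
        if not bcc_ok(frame):
            return add_bcc(bytes([MSG_ARQ]))
        if frame[0] == MSG_KEY:
            self.key_payload = frame[1:-2]
        return add_bcc(bytes([MSG_ACK]))


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Model line noise by inverting one bit of the frame."""
    out = bytearray(frame)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def run_exchange():
    cf, term = CentralFacility(), Terminal()
    payload = bytes.fromhex("0011223344556677")   # constructed key-message payload
    first = cf.send(MSG_KEY, payload)
    reply = term.receive(flip_bit(first, 13))     # corrupted on the way down
    was_arq = reply[0] == MSG_ARQ
    resent = cf.receive(reply)                    # facility retransmits on ARQ
    ack = term.receive(resent)
    cf.receive(flip_bit(ack, 5))                  # garbled ack: discarded, no ARQ
    ack_seen_after_garble = cf.acked
    cf.receive(ack)                               # terminal sends again
    return (was_arq, term.key_payload == payload, cf.discarded,
            ack_seen_after_garble, cf.acked)


if __name__ == "__main__":
    print(run_exchange())
```

A 16-bit CRC detects accidental corruption only; it is not keyed, so it says nothing about who produced a frame.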

Message exchange in the VCS is by a positive acknowledged scheme in which a response of some kind is expected for every message sent. For example, a terminal expects a DES decryption key message after it sends a request for the same; the central facility expects a key receipt acknowledge after it sends the key message.

When a user begins to play a protected program, the terminal initiates a session by sending a "session start" message (STS) to the central facility containing user and program identifications. The message contains message type, user number and CRC code in the clear, but the balance of the message is DES-encrypted with the initial DES session key stored in the terminal ROM. (The user identification is also stored in ROM.) The central facility uses the unencrypted data to access its database and find the user DES value for decrypting the remainder of the message.

The central facility authenticates the message by comparing clear and decrypted user numbers. If the user numbers are identical, the central facility then confirms that the program serial number is valid. The central facility may also check user credit. If all is well, the central facility accepts the session and generates a new (and random) DES key that is unique for that session. It encrypts this using the initial user value in the database and sends it to the terminal, which decrypts the message and stores the new value in its database (MCU RAM) as the session key for the remainder of the session.

The central facility then uses the tape and decryption key number in the STS message to recover a set of DES decryption keys for the program from the database. These are encrypted with the session key and sent to the terminal at the start of a session or during the course of a session.

The terminal generates session start, key acknowledgement, and ARQ messages. The central facility responds in kind. Both the central facility and the terminal generate and verify block check characters.
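The session start, authentication and key unwrapping steps described above, as an added example that is not code from the patent. It goes beyond the text in fixing a message layout: the field widths, the `STS` type code and all sample values are assumptions, a hash-based Feistel cipher stands in for DES so the block runs on the standard library, and the CRC and acknowledgement messages are left out.

```python
import hashlib
import secrets
import struct

STS = 0x01  # hypothetical type code for the "session start" message


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    """Stand-in for DES (NOT DES): 16-round Feistel on one 8-byte block."""
    left, right = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def encrypt(key: bytes, data: bytes) -> bytes:
    """Encrypt whole 8-byte blocks independently (ECB-style)."""
    return b"".join(_feistel(key, data[i:i + 8], range(16))
                    for i in range(0, len(data), 8))


def decrypt(key: bytes, data: bytes) -> bytes:
    """Inverse of encrypt(): same network with the round order reversed."""
    return b"".join(_feistel(key, data[i:i + 8], range(15, -1, -1))
                    for i in range(0, len(data), 8))


class CentralFacility:
    def __init__(self):
        self.terminal_keys = {}   # user number -> duplicate of the ROM key
        self.program_keys = {}    # (program serial, key number) -> code encryption key
        self.billing = []         # (user number, program serial) records

    def start_session(self, sts: bytes):
        """Authenticate an STS message; return (wrapped session key, wrapped code key)."""
        if len(sts) != 13:
            return None
        msg_type, clear_user = struct.unpack(">BI", sts[:5])
        rom_key = self.terminal_keys.get(clear_user)   # looked up from clear data
        if msg_type != STS or rom_key is None:
            return None
        enc_user, serial, key_no = struct.unpack(">IHH", decrypt(rom_key, sts[5:]))
        if enc_user != clear_user:                     # clear vs decrypted user number
            return None
        code_key = self.program_keys.get((serial, key_no))
        if code_key is None:                           # program serial number not valid
            return None
        session_key = secrets.token_bytes(8)           # new random key for this session
        self.billing.append((clear_user, serial))
        return encrypt(rom_key, session_key), encrypt(session_key, code_key)


class Terminal:
    def __init__(self, user_number: int, rom_key: bytes):
        self.user_number, self.rom_key = user_number, rom_key

    def session_start(self, serial: int, key_no: int, claimed_user=None) -> bytes:
        """Type and user number in the clear, balance encrypted under the ROM key."""
        clear = self.user_number if claimed_user is None else claimed_user
        balance = struct.pack(">IHH", self.user_number, serial, key_no)
        return struct.pack(">BI", STS, clear) + encrypt(self.rom_key, balance)

    def recover_code(self, reply, encrypted_code: bytes) -> bytes:
        """Unwrap session key, then code encryption key, then the random digital code."""
        wrapped_session, wrapped_code_key = reply
        session_key = decrypt(self.rom_key, wrapped_session)
        code_key = decrypt(session_key, wrapped_code_key)
        return decrypt(code_key, encrypted_code)


def demo():
    # All values below are constructed for the example, not taken from the page.
    cf = CentralFacility()
    rom_key = bytes.fromhex("0123456789abcdef")
    cf.terminal_keys[1001] = rom_key
    cf.terminal_keys[2002] = bytes.fromhex("fedcba9876543210")
    code_key = bytes.fromhex("1122334455667788")
    cf.program_keys[(77, 1)] = code_key
    random_code = bytes.fromhex("a5a5c3c30f0f9696")
    field = encrypt(code_key, random_code)   # as carried in the preliminary field

    term = Terminal(1001, rom_key)
    reply = cf.start_session(term.session_start(77, 1))
    recovered = term.recover_code(reply, field)
    # Clear user number that does not match the encrypted one: rejected.
    mismatch = cf.start_session(term.session_start(77, 1, claimed_user=2002))
    # Program serial number absent from the database: rejected, nothing billed.
    unknown = cf.start_session(term.session_start(99, 1))
    return recovered == random_code, mismatch, unknown, cf.billing


if __name__ == "__main__":
    print(demo())
```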

The preferred embodiment and best mode of practicing the invention have been described. Alternatives now will be apparent to those skilled in the art in light of these teachings. Accordingly the invention is to be defined by the following claims and not by the particular examples given.



Claims

1. A video system comprising:

a central facility (11);

a terminal (10) equipped with a data communication link (13) to be coupled to said central facility (11); and video program means (14; 15, 16) for providing to said terminal a video program comprising a series of television fields including an unintelligible video signal previously transformed from an intelligible video signal according to a random digital code together with a signal comprising said random digital code encrypted according to a code encryption key;

said central facility including a data base (19) for storing and retrieving at least one code encryption key and means (20) for sending said code encryption key to said terminal (10) via said data communication link (13); and said terminal (10) further including means (22) for receiving the code encryption key from said central facility (11); decrypting means (23) for decrypting the encrypted random digital code in accordance with said code encryption key and means (24) for transforming said unintelligible video signal to said intelligible video signal using the decrypted random digital code;

characterised in that said video program means (14; 15, 16) is arranged to provide in a preliminary field of said video program the said signal comprising the random digital code encrypted according to a code encryption key specific to said program, together with program identification data identifying said program, and to provide in a subsequent field of said video program the said unintelligible video signal transformed with the said digital code contained in the preliminary field;

that said terminal means (10) is adapted to respond to receipt of said preliminary field during provision of said video program and to provide said program identification data from said field to said central facility via said data link;

and that said central facility (11) is arranged to respond to receipt of said program identification data by selecting from said database (19) the said code encryption key specific to said program and by providing said key to said terminal via said data link (13) whereby said terminal is enabled to retransform said unintelligible video signal of said subsequent field.

2. The system of Claim 1 wherein a plurality of code encryption keys are used for one program, and wherein a desired code encryption key is selected from said plurality of code encryption keys in accordance with code encryption key identification data corresponding to the random digital code encrypted with said desired code encryption key.

3. The system of Claim 1 or 2 wherein said subsequent field has a vertical blanking interval containing both a random digital code encrypted according to a code encryption key and program identification data, and is followed by a further field containing an unintelligible video signal previously transformed from an intelligible video signal according to said random digital code of the second field.

4. The system of any one of Claims 1-3 wherein said video program means is means for transmitting said program to said terminal.

5. The system of Claim 4 wherein said means for transmitting is a CATV system.

6. The video system of any one of Claims 1-5 wherein said video program means is a means (16) located at said terminal for playing a video recording medium storing said program.

7. The video system of Claim 6, in combination with a video recording medium (15) storing said video program.

8. The system of any one of Claims 1-7 wherein:

said terminal (10) further includes means (17) to store terminal identification data and a terminal specific encryption key; and means (18) to send to said central facility (11) said terminal identification data with said program identification data;

said central facility (11) further includes means (19) for storing a duplicate of said terminal specific encryption key; means for encrypting said code encryption key according to said terminal specific encryption key; and means (20) for sending the encrypted code encryption key from said central facility to said terminal; and

said terminal further includes means (22) for receiving the encrypted code encryption key from said central facility; and decryption means (23) for decrypting said code encryption key according to said terminal specific encryption key.

9. The video system of any one of Claims 1-8 wherein:

said terminal (10) further includes means (17) to store terminal identification data and a terminal specific encryption key; and means (18) to send to said central facility (11) said program identification data and said terminal identification data,

said central facility further includes means (19) for providing a session encryption key; means for encrypting said session encryption key according to said terminal specific encryption key; means (20) for sending the encrypted session encryption key from said central facility to said terminal; means for encrypting said code encryption key according to said encrypted session encryption key; and means (20) for sending the encrypted code encryption key from said central facility to said terminal; and

said terminal further includes means (22) for receiving the encrypted session encryption key from said central facility; decryption means (23) for decrypting said session encryption key according to said terminal specific encryption key; means (22) for receiving the encrypted code encryption key from said central facility; and decryption means (23) for decrypting said code encryption key according to said session encryption encryption key.

10. The system of Claim 6 or 9 wherein said terminal includes means (23) to encrypt said terminal identification data according to said terminal specific encryption key, and means (18) to send unencrypted terminal identification data and encrypted terminal identification data to said central facility and said central facility (11) includes means to compare unencrypted and encrypted terminal identification data to authenticate terminal identity.



11. The system of any one of Claims 5-10 wherein said central facility further includes means (21) for generating billing data based on said terminal identification data and said program identification data.



Patentanspruche 



daf3 die Endgerateeinrichtung (10) eingerichtet 
ist, auf den Empfangdes einleitenden Halbbil- 
des wahrend der Bereitstellung des vldeopro- 
gramms zu antworten und die Programm-lden- 
tifizierungsdaten des Halbbildes der zentralen 
Einrichtung uber die Datenverbindung zur Ver- 
fugung stellen, 



1 . Videosystem, das umf aBt: 

eine zentrale Einrichtung (1 1 ); 30 

ein Endgerat (10), das mit einer Datenubertra- 
gungsverbindung (13) ausgerustet ist, die mit 
der zentralen Einrichtung (1 1 ) zu verbinden ist, 
und eine Videoprogrammeinrichtung (14; 15, 35 
16), die dem Endgerat ein Videoprogramm zur 
Verfugung stellt, das eine Serie von Fernseh- 
Halbbildern umfaBt, die ein nach MaBgabe ei- 
nes zufalligen Digitalcodes von einem ver- 
nehmbaren Videosignal vorangehend umge- 40 
wandeltes unvernehmbares Videosignal zu- 
sammen mit einem Signal einschlieBt, das den 
nach MaBgabe eines Codeverschlusselungs- 
schlussels verschlusselten zufalligen Digitalco- 
de umfaBt, 45 

wobei die zentrale Einrichtung eine Datenbank 
(19) zum Speichern und Wiedergewinnen we- 
nigstens eines Codeverschlusselungsschlus- 
sels und eine Einrichtung (20) zum Senden des so 
Codeverschlusselungsschlussels uber die Da- 
tenubertragungsverbindung (13) an das End- 
gerat (1 0) enthalt, und das Endgerat (10) weiter 
eine Einrichtung (22) zum Empfangen des Co- 
deverschlusselungsschlussels von der zentra- ss 
len Einrichtung (11 ), eine Entschlusselungsein- 
richtung (23) zum Entschlusseln des verschlus- 
selten zufalligen Digitalcodes nach MaBgabe 



und daB die zentrale Einrichtung (11 ) eingerich- 
tet ist, auf den Empfang der Programm-ldenti- 
fizierungsdaten zu antworten, indem sie aus 
der Datenbank (1 9) den fur das Programm spe- 
zifischen Codeverschlusselungsschlussel aus- 
wahlt und den Schlussel dem Endgerat uber 
die Datenverbindung (13) zur Verfugung stellt, 
wodurch dem Endgerat ermoglicht wird, das 
unvernehmbare Videosignal des nachfolgen- 
den Halbbildes zuruckzuverwandeln. 

2. System nach Anspruch 1, bei dem fur ein Pro- 
gramm eine Mehrzahl von Codeverschlusselungs- 
schlusseln verwendet wird, und bei dem ein ge- 
wunschter Codeverschlusselungsschlussel aus der 
Mehrzahl von Codeverschlusselungsschlusseln 
nach MaBgabe von Codeverschlusselungsschlus- 
sel-ldentifizierungsdaten, die dem mit dem ge- 
wunschten Codeverschlusselungsschlussel ver- 
schlusselten zufalligen Digitaldaten entsprechen, 
ausgewahlt wird. 

3. System nach Anspruch 1 oder 2, bei dem das nach- 
folgende Halbbild ein Vertikal-Austastintervall be- 
sitzt, das sowohl einen nach MaBgabe eines Code- 
verschlusselungsschlussels verschlusselten zufal- 
ligen Digitalcode als auch Programm-ldentifizie- 
rungsdaten enthalt, und von einem weiteren Halb- 
bild gefolgt wird, das ein vorangehend nach 
MaBgabe des zufalligen Digitalcodes des zweiten 
Habbildes von einem vernehmbaren Videosignal 
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umgewandeltes unvernehmbares Videosignal ent- 
halt. 

4. System nach einem der Anspruche 1 - 3, bei dem 
die Videoprogrammeinrichtung eine Einrichtung 5 
zum ubertragen des Programms zu dem Endgerat 

ist. 

5. System nach Anspruch 4, bei dem die Einrichtung 
zum ubertragen ein CATV-System ist. 10 

6. Videosystem nach einem der Anspruche 1 - 5, bei 
dem die Videoprogrammeinrichtung eine in dem 
Endgerat gelegene Einrichtung (16) zum Abspielen 
eines Video-Aufzeichnungsmediums ist, das das is 
Programm speichert. 

7. Videosystem nach Anspruch 6 in Kombination mit 
einem Video-Aufzeichnungsmedium (15), das das 
Videoprogramm speichert. 20 

8. System nach einem der Anspruche 1 - 7, bei dem: 

das Endgerat (10) weiter eine Einrichtug (17) 
umfaBt, urn Endgerate-ldentifizierungsdaten 2s 
und einen endgeratespezifischen Verschlusse- 
lungsschlussel zu speichern, sowie eine Ein- 
richtung (18), umderzentralen Einrichtung (11) 
die Endgerate-ldentifizierungsdaten mit den 
Programm-ldentifizierungsdaten zu senden; 30 

die zentrale Einrichtung (11) weiter eine Ein- 
richtung (19) zum Speichern eines Duplikats 
des endgeratespezifischen Verschlusselungs- 
schlussels, eine Einrichtung zum Verschlus- 35 
seln des Codeverschlusselungsschlussels 
nach MaBgabe des endgeratespezifischen 
Verschlusselungsschlussels sowie eine Ein- 
richtung (20) zum Senden des verschlusselten 
Codeverschlusselungsschlussels von der zen- 40 
traien Einrichtung an das Endgerat umfaBt und 

das Endgerat weiter eine Einrichtung (22) zum 
Empfangen des verschlusselten Codever- 
schlusselungsschlussels von der zentralen 45 
Einrichtung sowie eine Entschlusselungsein- 
richtung (23) zum Entschlusseln des Codever- 
schlusselungsschlussels nach MaBgabe des 
endgeratespezifischen Verschlusselungs- 
schlussels umfaBt. 50 

9. Videosystem nach einem der Anspruche 1 - 8, bei 
dem: 

das Endgerat (10) weiter eine Einrichtung (17) 55 
umfaBt, urn Endgerate-ldentifizierungsdaten 
und einen endgeratespezifischen Verschlusse- 
lungsschlussel zu speichern, sowie eine Ein- 



richtung (18), urn der zentralen Einrichtung (11) 
die Programm-ldentifizierungsdaten und die 
Endgerate-ldentifizierungsdaten zu senden; 

die zentrale Einrichtung weiter eine Einrichtung 
(19) zum Bereitstellen eines Sitzungs-Ver- 
schlusselungsschlussels, eine Einrichtung 
zum Versch I Ossein des Sitzungs -Verschlusse- 
lungsschlussels nach MaBgabe des endgera- 
tespezifischen Verschlusselungsschlussels, 
eine Einrichtung (20) zum Senden des ver- 
schlusselten Sitzungs-Verschlusselungs- 
schlussels von der zentralen Einrichtung an 
das Endgerat, eine Einrichtung zum Verschlus- 
seln des Codeverschlusselungsschlussels 
nach MaBgabe des verschlusselten Sitzungs- 
Verschlusselungsschlussels sowie eine Ein- 
richtung (20) zum Senden des verschlusselten 
CodeverschlOsselungsschlussels von der zen- 
tralen Einrichtung an das Endgerat umfaBt und 

das Endgerat weiter eine Einrichtung (22) zum 
Empfangen des verschlusselten Sitzungs-Ver- 
schlusselungsschlussels von der zentralen 
Einrichtung, eine Entschlusselungseinrichtung 
(23) zum Entschlusseln des Sitzungs-Ver- 
schlusselungsschlussels nach MaBgabe des 
endgeratespezifischen Verschlusselungs- 
schlussels, eine Einrichtung (22) zum Empfan- 
gen des verschlusselten Codeverschlusse- 
lungsschlussels von der zentralen Einrichtung 
sowie eine Entschlusselungseinrichtung (23) 
zum Entschlusseln des Codeverschlusse- 
lungsschlussels nach MaBgabe des Sitzungs- 
verschlusselungs-Verschlusselungsschlus- 
sels. 

10. System nach Anspruch 8 Oder 9, bei dem das End- 
gerat eine Einrichtung (23) umfaBt, urn die Endge- 
rate-ldentifizierungsdaten nach MaBgabe des end- 
geratespezifischen Verschlusselungsschlussels zu 
verschlusseln, sowie eine Einrichtung (18), urn un- 
verschlusselte Endgerate-ldentifizierungsdaten 
und verschlusselte Endgerate-ldentifizierungsda- 
ten an die zentrale Einrichtung zu senden, und die 
zentrale Einrichtung (11) eine Einrichtung umfaBt, 
urn unverschlusselte und verschlusselte Endgera- 
te-ldentifizierungsdaten zu vergleichen, urn die 
Identitat des Endgerates zu verburgen. 

11. System according to any one of claims 5-10, wherein
the central facility further comprises means (21) which
generate billing data on the basis of the terminal
identification data and the program identification data.
Claims

1. Video system comprising:

a central facility (11);
a terminal (10) equipped with a data communication link
(13) intended to be coupled to said central facility (11);
and
video program means (14; 15, 16) for delivering to said
terminal a video program comprising a series of television
fields including an unintelligible video signal previously
transformed from an intelligible video signal according to
a random digital code, together with a signal comprising
said random digital code encrypted according to a code
encryption key;
said central facility including a database (19) for
storing and retrieving at least one code encryption key,
and means (20) for sending the code encryption key to said
terminal (10) via said data communication link (13); and
said terminal (10) further including means (22) for
receiving the code encryption key from said central
facility (11); decryption means (23) for decrypting the
encrypted random digital code according to said code
encryption key; and means (24) for transforming said
unintelligible video signal into said intelligible video
signal using the decrypted random digital code;

characterised in that said video program means (14; 15, 16)
is arranged to deliver, in a preliminary field of said
video program, said signal comprising the random digital
code encrypted according to a code encryption key specific
to said program, with program identification data
identifying said program, and to deliver, in a following
field of said video program, said unintelligible video
signal transformed by means of said digital code contained
in the preliminary field;

in that said terminal means (10) is adapted to respond to
reception of said preliminary field during delivery of
said video program and to deliver said program
identification data from said field to said central
facility via said data link;
and in that said central facility (11) is arranged to
respond to reception of said program identification data
by selecting from said database (19) said code encryption
key specific to said program and delivering said key to
said terminal via said data link (13), so that said
terminal is enabled to re-transform said unintelligible
video signal of said following field.

2. System according to claim 1, wherein a plurality of
code encryption keys is used for a program, and wherein a
desired code encryption key is selected from said
plurality of code encryption keys according to the code
encryption key identification data corresponding to the
random digital code encrypted with said desired code
encryption key.

3. System according to claim 1 or 2, wherein said
following field has a vertical blanking interval
containing both a random digital code encrypted according
to a code encryption key and program identification data,
and is followed by a further field containing an
unintelligible video signal previously transformed from an
intelligible video signal according to said random digital
code of the second field.

4. System according to any one of claims 1 to 3, wherein
said video program means is means for transmitting said
program to said terminal.

5. System according to claim 4, wherein said transmission
means is a cable television system.

6. Video system according to any one of claims 1 to 5,
wherein said video program means is means (16) disposed in
said terminal for reading a video recording medium storing
said program.

7. Video system according to claim 6, in combination with
a video recording medium (15) storing said video program.

8. System according to any one of claims 1 to 7, wherein:

said terminal (10) further includes means (17) for storing
terminal identification data and a terminal-specific
encryption key; and means (18) for sending to said central
facility (11) said terminal identification data with said
program identification data;
said central facility (11) further includes means (19) for
storing a copy of said terminal-specific encryption key;
means for encrypting said code encryption key according to
said terminal-specific encryption key; and means (20) for
sending the encrypted code encryption key from said
central facility to said terminal; and
said terminal further includes means (22) for receiving
the encrypted code encryption key from said central
facility; and decryption means (23) for decrypting said
code encryption key according to said terminal-specific
encryption key.

9. Video system according to any one of claims 1 to 8,
wherein:

said terminal (10) further includes means (17) for storing
terminal identification data and a terminal encryption
key; and means (18) for sending to said central facility
(11) said program identification data and said terminal
identification data;
said central facility further includes means (19) for
providing a session encryption key; means for encrypting
said session encryption key according to said
terminal-specific encryption key; means (20) for sending
the encrypted session encryption key from said central
facility to said terminal; means for encrypting said code
encryption key according to said encrypted session
encryption key; and means (20) for sending the encrypted
code encryption key from said central facility to said
terminal; and

said terminal further includes means (22) for receiving
the encrypted session encryption key from said central
facility; decryption means (23) for decrypting said
session encryption key according to said terminal-specific
encryption key, means (22) for receiving the encrypted
code encryption key from said central facility; and
decryption means (23) for decrypting said code encryption
key according to said session encryption key.

10. System according to claim 8 or 9, wherein said
terminal includes means (23) for encrypting said terminal
identification data according to said terminal-specific
encryption key, and means (18) for sending the unencrypted
terminal identification data and the encrypted terminal
identification data to said central facility, and said
central facility (11) includes means for comparing the
encrypted and unencrypted terminal identification data to
authenticate the identity of the terminal.

11. System according to any one of claims 5 to 10, wherein
said central facility further includes means (21) for
generating billing data based on said terminal
identification data and said program identification data.
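
The key hierarchy of claims 1 and 8 to 11, traced end to end as an added example that is not part of the patent text. The claims name no cipher, so an HMAC-SHA256 keystream with an integrity tag stands in for it; the code key is wrapped under the session key, as the terminal side of claim 9 decrypts it. The identifiers `TERM-0001` and `PROG-42` and all function and class names are constructed for illustration.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Stand-in cipher (an assumption): HMAC-SHA256 keystream in counter mode.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("integrity check failed: wrong key or altered message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Central:
    def __init__(self):
        self.terminal_keys, self.code_keys, self.billing = {}, {}, []
    def request(self, terminal_id, id_proof, program_id):
        tk = self.terminal_keys.get(terminal_id)
        try:  # claim 10: the encrypted ID must decrypt to the unencrypted ID
            ok = tk is not None and unwrap(tk, id_proof) == terminal_id
        except ValueError:
            ok = False
        if not ok:
            raise PermissionError("terminal identity not authenticated")
        ck = self.code_keys[program_id]                  # claim 1: program-specific key
        sk = secrets.token_bytes(32)                     # claim 9: session key
        self.billing.append((terminal_id, program_id))   # claim 11: billing data
        return wrap(tk, sk), wrap(sk, ck)

def terminal_recover_code(central, terminal_id, tk, preliminary_field):
    program_id, enc_code = preliminary_field             # claim 1: preliminary field
    enc_sk, enc_ck = central.request(terminal_id, wrap(tk, terminal_id), program_id)
    sk = unwrap(tk, enc_sk)                              # terminal key unwraps session key
    ck = unwrap(sk, enc_ck)                              # session key unwraps code key
    return unwrap(ck, enc_code)                          # random digital code

def demo():
    central = Central()
    tk, ck, code = (secrets.token_bytes(n) for n in (32, 32, 16))
    central.terminal_keys[b"TERM-0001"] = tk             # constructed sample values
    central.code_keys[b"PROG-42"] = ck
    return central, (b"PROG-42", wrap(ck, code)), code, tk
```
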